1. Field of the Invention
The present invention relates to a method of effecting cryptographic communications between entities on a computer network using a common cryptokey.
2. Description of the Prior Art
Recent years have seen a pressing need for ciphertext communication technology to keep communication data secret from third parties for communications on a network such as the Internet.
One well known type of such ciphertext communication technology is a form of public key cryptography known as RSA. Another form of ciphertext communication technology which is generally known in the art is a process of sharing a cryptokey used for communications between entities on a network. According to such a process of sharing a cryptokey, a transmitting entity encrypts communication data of a plaintext using a cryptokey and then transmits the cryptographic communication data to a receiving entity. Then, the receiving entity decrypts the received cryptographic communication data back into the original communication data, using the same cryptokey as the cryptokey used by the transmitting entity. The term "entity" used above signifies any existing body for carrying out communications, e.g., a device such as a terminal connected to the network, a user of the device, a program for operating the device, a combination thereof, or the like.
Conventional attempts to realize the process of sharing a cryptokey are disclosed in "NON-PUBLIC KEY DISTRIBUTION/Advances in Cryptography: Proceedings of CRYPTO '82/Plenum Press, 1983, pp. 231-236" by Rolf Blom, "An Optimal Class of Symmetric Key Generation Systems/Advances in Cryptology: EUROCRYPT '84/Springer LNCS 209, 1985, pp. 335-338" by Rolf Blom, Japanese patent publication No. 5-48980, and U.S. Pat. No. 5,016,276, for example.
According to the above disclosed proposals, a center or central facility established on the network generates a secret private key for each of the entities for generating a common cryptokey and distributes the generated secret private key to each of the entities. When the entities communicate with each other, each of the entities applies its own secret private key to the other entity's identifier (name, address, or the like), generating a common cryptokey shared by the entities.
In the above process, the secret private key for each of entities is generated by transforming the identifier of each entity according to a center algorithm which is held by the center only and common to the entities.
More specifically, if the center algorithm is expressed as a function P(x, y) of variables x, y representing two arbitrary identifiers, respectively, then the center algorithm is established so that it has a symmetry represented by P(x, y)=P(y, x). A function P(x, i) (hereinafter expressed as "Pi(x)") which is generated when the actual identifier i of each of the entities is substituted in the value of the variable y, for example, of the variables x, y of the function P(x, y) is distributed as a secret private key to each entity. When the entity having the identifier i subsequently communicates with the entity having the identifier j, the entity having the identifier i applies the identifier j of the other entity to its own secret private key Pi(x), i.e., sets the variable x to "j", thus generating a cryptokey Pi(j). Similarly, the entity having the identifier j applies the identifier i of the other entity to its own secret private key Pj(x), thus generating a cryptokey Pj(i). Since the center algorithm has the above symmetry, the cryptokey Pi(j) is equal to the cryptokey (Pi(j)=Pj(i)). Therefore, the entities having the respective identifiers i, j have obtained a common cryptokey.
With the above process of effecting communications using a common cryptokey, it is necessary that the cryptokey should actually not be analyzed. In the process disclosed in Japanese patent publication No. 5-48980, all cryptokeys contain information relative to the center algorithm which determines the cryptokeys, it is important to keep the cryptokeys difficult to analyze.
Since communication data (plaintext) themselves are encrypted by a cryptokey for communications according to the conventional communication process, the cryptokey may possibly be analyzed from features of the communication data. With the process disclosed in Japanese patent publication No. 5-48980, once the cryptokey is analyzed, the center algorithm may also be analyzed by a collaboration of entities.